SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (Microsoft)  >   Windows Kernel Vendors:   Microsoft
Windows Kernel Flaws Let Local Users Gain Elevated Privileges and Deny Service
SecurityTracker Alert ID:  1023850
SecurityTracker URL:  http://securitytracker.com/id/1023850
CVE Reference:   CVE-2010-0234, CVE-2010-0235, CVE-2010-0236, CVE-2010-0237, CVE-2010-0238, CVE-2010-0481, CVE-2010-0482, CVE-2010-0810   (Links to External Site)
Date:  Apr 13 2010
Impact:   Denial of service via local system, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2000 SP4, 2003 SP2, XP SP3, Vista SP2, 2008 SP2, 2008 R2, 7; and prior service packs
Description:   Several vulnerabilities were reported in the Windows Kernel. A local user can obtain elevated privileges on the target system. A local user can cause denial of service conditions.

A local user can supply specially crafted registry keys to a Windows kernel system call to cause the target system to become unresponsive and automatically restart [CVE-2010-0234]. Matthew 'j00ru' Jurczyk and Gynvael Coldwind of Hispasec Virustotal reported this vulnerability.

A local user can create specially crafted symbolic links to cause the target system to stop responding [CVE-2010-0235]. Matthew 'j00ru' Jurczyk and Gynvael Coldwind of Hispasec Virustotal reported this vulnerability.

A local user can create a specially crafted symbolic-link type registry key that, when processed by the target system, will execute arbitrary code with System privileges [CVE-2010-0236]. Matthew 'j00ru' Jurczyk and Gynvael Coldwind of Hispasec Virustotal reported this vulnerability.

A local user can traverse symbolic links from untrusted to trusted hives to execute arbitrary code with System privileges [CVE-2010-0237]. Matthew 'j00ru' Jurczyk and Gynvael Coldwind of Hispasec Virustotal reported this vulnerability.

A local user can create a specially crafted registry key to cause the target system to stop responding [CVE-2010-0238]. Matthew 'j00ru' Jurczyk and Gynvael Coldwind of Hispasec Virustotal reported this vulnerability.

A local user can exploit a virtual path validation flaw to cause the target system to stop responding [CVE-2010-0481]. Tavis Ormandy of Google, Inc. reported this vulnerability.

A local user can create a specially crafted image file that, when processed, will cause the target system to stop responding and restart [CVE-2010-0482]. Martin Tofall of Obsidium Software reported this vulnerability.

A local user can create certain exceptions that will not be properly handled by the kernel, causing the target system to stop responding [CVE-2010-0810]. Tavis Ormandy of Google, Inc. reported this vulnerability.

Impact:   A local user can obtain elevated privileges on the target system.

A local user can cause the target system to crash.

Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=C5F4577E-7546-40E9-8BCD-BE11C1B260A6

Windows XP Service Pack 2 and Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=142710FD-9CD4-4DD0-AABA-2AACE03C008F

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3C0CB02E-3484-4CDF-8C64-C697AD3E2889

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=0A7EA2D0-61CE-4B68-AD82-D917B1A56F9D

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=1FC66F54-260A-4219-A0B4-056BA9DD0ABE

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=8DCB8BE8-FB78-4518-AA7E-F8B17F7DFB86

Windows Vista:

http://www.microsoft.com/downloads/details.aspx?familyid=86D7B054-AF4F-4D8A-9873-CB5246466374

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=86D7B054-AF4F-4D8A-9873-CB5246466374

Windows Vista x64 Edition:

http://www.microsoft.com/downloads/details.aspx?familyid=7C84AA24-6331-427A-969C-27F7D39DB3D7

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=7C84AA24-6331-427A-969C-27F7D39DB3D7

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=25E3CE7F-53A0-4049-A65C-011D2143C4C2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=8B99E54D-955B-4A06-9A04-B2F4596EFD72

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=B1F9746D-61A2-406F-B707-60646BD5B5BB

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=FF58D80C-33CE-4D9E-AAA5-0B1841458931

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=7F1DC055-2EC9-407A-9E69-DA12338587E3

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=28389C1D-2A12-4BEF-A59B-726BB6449C8B

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=D4EA3984-5183-47F1-814E-29CB6C90AE06

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-021.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-021.mspx (Links to External Site)
Cause:   Access control error, Input validation error, State error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Tue, 13 Apr 2010 18:17:10 +0000
Subject:  http://www.microsoft.com/technet/security/bulletin/ms10-021.mspx


Microsoft Security Bulletin MS10-021 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)

CVE-2010-0234
CVE-2010-0235
CVE-2010-0236
CVE-2010-0237
CVE-2010-0238
CVE-2010-0481
CVE-2010-0482
CVE-2010-0810
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC